From e1d1c5c3f5d21d6d8a733041b35d6df45de7a07b Mon Sep 17 00:00:00 2001
From: Pea Tyczynska <CrystalPea@users.noreply.github.com>
Date: Wed, 23 Feb 2022 18:31:00 +0000
Subject: [PATCH] Let users on email auth delete their mobile numbers

Sometimes users ask us to delete their mobile numbers for them.

If those users are on email auth, they should be able to
delete their number themselves.

This will save them writing a support ticket and save us
going into the database.
---
 app/main/views/user_profile.py               | 23 ++++++++-
 app/templates/views/user-profile/change.html | 15 +++++-
 tests/app/main/views/test_user_profile.py    | 53 ++++++++++++++++++++
 3 files changed, 88 insertions(+), 3 deletions(-)

diff --git a/app/main/views/user_profile.py b/app/main/views/user_profile.py
index c02256964..478819188 100644
--- a/app/main/views/user_profile.py
+++ b/app/main/views/user_profile.py
@@ -118,22 +118,43 @@ def user_profile_email_confirm(token):
 
 
 @main.route("/user-profile/mobile-number", methods=['GET', 'POST'])
+@main.route(
+    "/user-profile/mobile-number/delete",
+    methods=['GET'],
+    endpoint="user_profile_confirm_delete_mobile_number"
+)
 @user_is_logged_in
 def user_profile_mobile_number():
 
+    user = User.from_id(current_user.id)
     form = ChangeMobileNumberForm(mobile_number=current_user.mobile_number)
 
     if form.validate_on_submit():
         session[NEW_MOBILE] = form.mobile_number.data
         return redirect(url_for('.user_profile_mobile_number_authenticate'))
 
+    if (request.endpoint == "main.user_profile_confirm_delete_mobile_number"):
+        flash("Are you sure you want to delete your mobile number from Notify?", 'delete')
+
     return render_template(
         'views/user-profile/change.html',
         thing='mobile number',
-        form_field=form.mobile_number
+        form_field=form.mobile_number,
+        user_auth=user.auth_type
     )
 
 
+@main.route("/user-profile/mobile-number/delete", methods=['POST'])
+@user_is_logged_in
+def user_profile_mobile_number_delete():
+    if current_user.auth_type == 'sms_auth':
+        abort(403)
+
+    current_user.update(mobile_number=None)
+
+    return redirect(url_for('.user_profile'))
+
+
 @main.route("/user-profile/mobile-number/authenticate", methods=['GET', 'POST'])
 @user_is_logged_in
 def user_profile_mobile_number_authenticate():
diff --git a/app/templates/views/user-profile/change.html b/app/templates/views/user-profile/change.html
index ae8a54a13..c7ffa8b51 100644
--- a/app/templates/views/user-profile/change.html
+++ b/app/templates/views/user-profile/change.html
@@ -20,9 +20,20 @@
     <div class="govuk-grid-column-three-quarters">
       {% call form_wrapper() %}
         {{ form_field(error_message_with_html=True) }}
-        {{ page_footer('Save') }}
+        {% if current_user.auth_type == 'email_auth' %}
+          {{ page_footer(
+            'Save',
+            delete_link=url_for(
+              'main.user_profile_mobile_number_delete',
+              user_id=current_user.id
+            ),
+            delete_link_text='Delete your number'
+            )
+          }}
+        {% else %}
+          {{ page_footer('Save')}}
+        {% endif %}
       {% endcall %}
     </div>
   </div>
-
 {% endblock %}
diff --git a/tests/app/main/views/test_user_profile.py b/tests/app/main/views/test_user_profile.py
index 21866e775..d3688143a 100644
--- a/tests/app/main/views/test_user_profile.py
+++ b/tests/app/main/views/test_user_profile.py
@@ -183,6 +183,59 @@ def test_should_show_mobile_number_page(
 ):
     page = client_request.get(('main.user_profile_mobile_number'))
     assert 'Change your mobile number' in page.text
+    assert 'Delete your number' not in page.text
+
+
+def test_change_your_mobile_number_page_shows_delete_link_if_user_on_email_auth(
+    client_request,
+    api_user_active_email_auth,
+    mocker
+):
+    mocker.patch('app.user_api_client.get_user', return_value=api_user_active_email_auth)
+    page = client_request.get(('main.user_profile_mobile_number'))
+    assert 'Change your mobile number' in page.text
+    assert 'Delete your number' in page.text
+
+
+def test_confirm_delete_mobile_number(
+    client_request,
+    api_user_active_email_auth,
+    mocker
+):
+    mocker.patch('app.user_api_client.get_user', return_value=api_user_active_email_auth)
+
+    page = client_request.get(
+        '.user_profile_confirm_delete_mobile_number',
+        _test_page_title=False,
+    )
+
+    assert normalize_spaces(page.select_one('.banner-dangerous').text) == (
+        'Are you sure you want to delete your mobile number from Notify? '
+        'Yes, delete'
+    )
+    assert 'action' not in page.select_one('.banner-dangerous form')
+    assert page.select_one('.banner-dangerous form')['method'] == 'post'
+
+
+def test_delete_mobile_number(
+    client_request,
+    api_user_active_email_auth,
+    mocker
+):
+    mocker.patch('app.user_api_client.get_user', return_value=api_user_active_email_auth)
+    mock_delete = mocker.patch('app.user_api_client.update_user_attribute')
+
+    client_request.post(
+        '.user_profile_mobile_number_delete',
+        _expected_redirect=url_for(
+            '.user_profile',
+            _external=True,
+        )
+    )
+    mock_delete.assert_called_once_with(
+        api_user_active_email_auth["id"],
+        mobile_number=None
+    )
 
 
 @pytest.mark.parametrize('phone_number_to_register_with', [